Menu

Mobile Apps Forensics Update

Intro

Our team was able to make significant progress on our project in the past few weeks. Since our last post, we have been able to successfully get an image of the iPhone 5 that we used for data generation and have completed our analysis of the applications Yik Yak and Periscope. Next we will be focusing on an application called Private Photo (Calculator%), which appears as a legitimate calculator application on the user’s device but acts as a library where users can encrypt their photos and videos.

Analysis of mobile apps progress

Using Cellebrite as our primary imaging tool, our team has been recovering entire filesystem images for analysis. We found that this method yields much more information for analysis.

Yik Yak

Analysis of our Android device yielded many more forensic artifacts than were recovered from the iPhone. Some of the standout findings from our Android device include exact latitude and longitude coordinates of saved “peek” locations by the user. We also found cached photos that are recoverable and appear to be from yak postings.

Our iPhone did not yield as many exciting results. Recovered data included Unique User IDs, which can be useful in forensic investigations, a few saved photos, and some Yik Yak cookies that were URL Encoded.

Periscope

This livestreaming application had many functions that were of forensic interest, specifically geo-location. Again, our Android device proved to yield more forensic artifacts than our iPhone. Neither our Android phone nor our iPhone provided exact geographic locations, but using an Android device a general location and timestamp can be determined. Additionally, the amount of cached data retrieved from the Android device was impressive. Over 1500 cached photos were recovered from just a few days of using the application.

Our iPhone data was more limited but still very interesting. Findings included general user statistics such as number of followers, blocked users, profile picture, and much more. As seems to be the trend, our iPhone provided general information about the application’s use but this data was not as specific as our Android data.

Conclusion

Moving forward, we will be investigating one last application, Private Photo (Calculator%), for iOS. We then plan to shift our focus to formally documenting our findings for Yik Yak, Periscope, and Private Photo (Calculator%) into one report. This will be an in depth report that touches on all of our team’s findings for the semester.

Post navigation

Online Digital Forensic Science Master’s Degree

The LCDI provides computer forensics and digital investigation operational support, training, research, and other technical services to assist law enforcement agencies in Vermont, and throughout the nation, in areas related to computer forensics and other digital investigations.

If you are interested in viewing some of the work that the students are currently working on in the LCDI, view our blog. If you are a firm looking to hire well-rounded professionals, view our list of student employees and consider them for hire! They are experienced and would be a great asset to any team.